Client-Side Detection of Clickjacking Attacks

Client-Side Detection of Clickjacking Attacks

Hossain Shahriar, Hisham M. Haddad
Copyright: © 2015 |Pages: 25
DOI: 10.4018/IJISP.2015010101
OnDemand:
(Individual Articles)
Available
$37.50
No Current Special Offers
TOTAL SAVINGS: $37.50

Abstract

Clickjacking attacks are emerging threat for web application users where click operations performed by victims lead to security breaches such as compromising webcams and posting unintended messages. Effective client-side defense technique could prevent the possible victims. This paper presents a client side approach to detect clickjacking attacks. The authors' approach examines web page requests and responses; the proposed approach is designed to detect advanced attack types such as cursorjacking, double click, and history object-based attacks. They evaluate the proposed approach with a set of legitimate and malicious websites. The results indicate that our approach has low false positive and false negative rates. The overhead imposed by the proposed approach is negligible.
Article Preview
Top

2. Illustrative Example

We illustrate an example code snippet mimicking a clickjacking attack based on Facebook “Like” action. Here, the GUI element for “Like” is being hidden in an iframe of a web page controlled by an attacker. The attacker hides the GUI element by making the iframe invisible based on Cascading Style Sheet (CSS) features.

Complete Article List

Search this Journal:
Reset
Volume 18: 1 Issue (2024)
Volume 17: 1 Issue (2023)
Volume 16: 4 Issues (2022): 2 Released, 2 Forthcoming
Volume 15: 4 Issues (2021)
Volume 14: 4 Issues (2020)
Volume 13: 4 Issues (2019)
Volume 12: 4 Issues (2018)
Volume 11: 4 Issues (2017)
Volume 10: 4 Issues (2016)
Volume 9: 4 Issues (2015)
Volume 8: 4 Issues (2014)
Volume 7: 4 Issues (2013)
Volume 6: 4 Issues (2012)
Volume 5: 4 Issues (2011)
Volume 4: 4 Issues (2010)
Volume 3: 4 Issues (2009)
Volume 2: 4 Issues (2008)
Volume 1: 4 Issues (2007)
View Complete Journal Contents Listing